ID: 0045963
Type: backport
Category: [Retail Modules] Web POS
Severity: critical
Reproducibility: always
Date Submitted: 2021-02-26 13:14
Last Update: 2021-03-02 08:48
Reporter: migueldejuana
View Status: public
Assigned To: prakashmurugesan88
Priority: immediate
Resolution: fixed
Fixed in Version: RR20Q3.5
Status: closed
Projection: none
ETA: none
Target Version: RR20Q3.5
OS: Any
Database: Any
Product Version: pi
Triggers an Emergency Pack: No
Summary

0045963: We are sending credentials using GET

Description

The request used by Terminal Authentication is using GET method and we are setting credentials in the params.

For security reasons, we must use POST in this case.
Steps To Reproduce

n/a

Proposed Solution

This component:

enyo.kind({
  kind: 'enyo.Ajax',
  name: 'OB.OBPOSLogin.UI.LoginRequest',
  classes: 'obObposLoginUiLoginRequest',
  url: '../../org.openbravo.retail.posterminal.service.loginutils',
  method: 'GET',
  handleAs: 'json',
  contentType: 'application/json;charset=utf-8'
});


must use POST and we should handle it properly in MobileCoreLoginUtilsServlet
Tags

No tags attached.
- Relationships
blocks defect 0045960 (closed, prakashmurugesan88): We are sending credentials using GET
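
Why the HTTP method matters here, as an added example that is not part of the original report or of Openbravo's code: the same login fields sent by GET end up in the request target that servers and proxies log, while a POST body does not, and the scanner below flags and redacts such log lines. Only the endpoint path comes from the issue; the parameter names (`user`, `password`), host, client IP, log layout and credentials are constructed assumptions.

```javascript
// Added example, not Openbravo code. The endpoint path comes from the issue;
// the parameter names, host, client IP and credentials are constructed.
const LOGIN_PATH = '/org.openbravo.retail.posterminal.service.loginutils';
const SENSITIVE = new Set(['user', 'username', 'password', 'passwd', 'pwd', 'token']);

// Carry the same login fields either in the query string (GET) or the body (POST).
function buildLoginRequest(method, fields) {
  const url = new URL('https://pos.example.test' + LOGIN_PATH);
  if (method === 'GET') {
    for (const [k, v] of Object.entries(fields)) url.searchParams.set(k, v);
    return { method, url: url.toString(), body: null };
  }
  return { method, url: url.toString(), body: JSON.stringify(fields) };
}

// A typical access log line records method, path and query string, not the body.
function accessLogLine(req) {
  const u = new URL(req.url);
  return `10.0.0.5 - - [02/Mar/2021:08:10:00 +0000] "${req.method} ${u.pathname}${u.search} HTTP/1.1" 200 512`;
}

// Flag log lines whose query string carries sensitive parameter names and
// return the request target with those values redacted.
function findCredentialLeaks(lines) {
  const findings = [];
  lines.forEach((line, i) => {
    const m = /"([A-Z]+) (\S+) HTTP\/[\d.]+"/.exec(line);
    if (!m) return;
    const q = m[2].indexOf('?');
    if (q === -1) return;
    const params = new URLSearchParams(m[2].slice(q + 1));
    const leaked = [...new Set([...params.keys()])].filter(k => SENSITIVE.has(k.toLowerCase()));
    if (leaked.length === 0) return;
    for (const k of leaked) params.set(k, 'REDACTED');
    findings.push({ line: i + 1, method: m[1], params: leaked,
                    redacted: m[2].slice(0, q + 1) + params.toString() });
  });
  return findings;
}

const creds = { user: 'pos-terminal-01', password: 'S3cret!value' }; // constructed
const sampleLog = ['GET', 'POST'].map(m => accessLogLine(buildLoginRequest(m, creds)));
console.log(sampleLog.join('\n'));
console.log(findCredentialLeaks(sampleLog));
```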

-  Notes
(0126448)
hgbot (developer)
2021-03-02 08:10

Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/176
(0126449)
hgbot (developer)
2021-03-02 08:10

Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.posterminal/-/merge_requests/332
(0126462)
hgbot (developer)
2021-03-02 08:48

Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/176
(0126463)
hgbot (developer)
2021-03-02 08:48

Directly closing issue as related merge request is already approved.

Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core
Changeset: 470fc94a134b23963d6ff876cf62ee2c7308acd0
Author: Prakash M <prakash@qualiantech.com>
Date: 2021-03-02T12:16:12+05:30
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/commit/470fc94a134b23963d6ff876cf62ee2c7308acd0

Fixed BUG-45963 : Changed Terminal Authentication request from GET to POST for security purpose
* Included post method in MobileCoreLoginUtilsServlet

---
M src/org/openbravo/mobile/core/login/MobileCoreLoginUtilsServlet.java
---
(0126464)
hgbot (developer)
2021-03-02 08:48

Directly closing issue as related merge request is already approved.

Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.posterminal
Changeset: 79b9c46fd6e08f2ccb33d4983340243156153851
Author: Prakash M <prakash@qualiantech.com>
Date: 2021-03-02T12:16:34+05:30
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.posterminal/-/commit/79b9c46fd6e08f2ccb33d4983340243156153851

Fixed BUG-45963 : Changed Terminal Authentication request from GET to POST for security purpose

---
M web/org.openbravo.retail.posterminal/js/login/model/login-model.js
---
(0126465)
hgbot (developer)
2021-03-02 08:48

Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.posterminal/-/merge_requests/332

- Issue History
Date Modified Username Field Change
2021-02-26 13:15 migueldejuana Type defect => backport
2021-02-26 13:15 migueldejuana Target Version => RR20Q3.5
2021-03-02 08:10 hgbot Note Added: 0126448
2021-03-02 08:10 hgbot Note Added: 0126449
2021-03-02 08:48 hgbot Resolution open => fixed
2021-03-02 08:48 hgbot Status scheduled => closed
2021-03-02 08:48 hgbot Note Added: 0126462
2021-03-02 08:48 hgbot Fixed in Version => RR20Q3.5
2021-03-02 08:48 hgbot Note Added: 0126463
2021-03-02 08:48 hgbot Note Added: 0126464
2021-03-02 08:48 hgbot Note Added: 0126465

